
Anantasoft Gazelle CMS 1.0 Cross Site Scripting

Posted Jun 21, 2012
Authored by $1l3n7 @$$@$$17

Anantasoft Gazelle CMS version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 47d8e74e15b58bfc1e856147ddf544b7



TITLE: Anantasoft Gazelle CMS Admin Panel Multiple stored XSS
Vendor: Anantasoft Gazelle CMS
Author: $1l3n7 @$$@$$17
Email: sil3ntb0t@gmail.com


Download Link: http://www.anantasoft.com/index.php?Gazelle%20CMS/Download
Versions: 1.0
Tested on: Windows7
------------------------------------------------------------------------------


------------------------------------------------------------------------------
Description: Anantasoft's Gazelle CMS apparently found its way to a
magazine: the January 2009 edition of LinuxFormat. Or rather: its
editors found their way to Gazelle CMS. Anantasoft.com
<http://www.anantasoft.com/index.php> has ranked 2nd in the CMS Awards
Popular Awards in the category SEO 2008.

Anantasoft Gazelle CMS 1.0 is vulnerable to stored XSS due to improper
input sanitization. An attacker can inject arbitrary JavaScript, which
can be used for session hijacking.

DEMO:
A) Persistent XSS
http://localhost/gazelle/admin/index.php?Users


DEMO: http://www.opensourcecms.com/demo/2/193/Anantasoft+Gazelle+CMS

In Add User Tab -> Username Field

In Add Usergroup Tab -> User group field

In Modules -> Create Module -> Module name field

In Menu -> Add menu -> Menu Name field

POST DATA= "'-->><script>alert(0)</script>



----------------------------------------------------------------------------

gr33t1ngs and ShOuTZ to r007k17-w and all my friends..
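
An added example, not part of the original advisory and not Gazelle CMS source code: it shows the unencoded output pattern that makes a stored name field exploitable next to the same markup with output encoding, using the advisory's test string as the stored value. The function names, the table markup and the allow-list policy are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: the test string from the advisory, as it would sit in
// the database after being saved through one of the listed name fields.
const STORED_NAME = '"\'-->><script>alert(0)</script>';

// Hypothetical helper: encode a stored value for HTML text and quoted
// attribute contexts. ENT_QUOTES encodes both " and ', so the value cannot
// close the attribute it is placed in; < and > are encoded as well.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the stored name is written into a quoted attribute
// and a table cell without encoding, so the browser parses it as markup.
function render_row_unsafe(string $name): string
{
    return '<tr><td title="' . $name . '">' . $name . '</td></tr>';
}

// Hardened pattern: same markup, every dynamic value encoded on output.
function render_row_safe(string $name): string
{
    return '<tr><td title="' . h($name) . '">' . h($name) . '</td></tr>';
}

// Defence in depth at input time: allow-list for name fields (assumed
// policy: letters, digits, space, dot, underscore, hyphen; 1 to 64 chars).
function is_valid_name(string $name): bool
{
    return preg_match('/\A[\p{L}\p{N} ._-]{1,64}\z/u', $name) === 1;
}

$unsafe = render_row_unsafe(STORED_NAME);
$safe   = render_row_safe(STORED_NAME);

echo "unsafe: ", $unsafe, PHP_EOL;
echo "safe:   ", $safe, PHP_EOL;
echo "script tag survives (unsafe): ", var_export(strpos($unsafe, '<script>') !== false, true), PHP_EOL;
echo "script tag survives (safe):   ", var_export(strpos($safe, '<script>') !== false, true), PHP_EOL;
echo "allow-list accepts sample:    ", var_export(is_valid_name(STORED_NAME), true), PHP_EOL;
echo "allow-list accepts 'editors': ", var_export(is_valid_name('editors'), true), PHP_EOL;
```

Encoding at output is the primary fix because it also covers values already stored before validation was added; the allow-list only limits what new submissions can contain.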
